Scam of the day – January 18, 2016 – Identity theft dangers of social media

Social media is as much a part of modern day life as a morning cup of coffee.  Facebook, Twitter, Instagram and many other social media sites are the primary way that many people communicate.  With more than 500 million people on Facebook alone, you can expect that identity thieves will be there taking advantage of the opportunities for identity theft presented by social media.  Although many social media scams involve luring people into clicking on links containing keystroke logging malware that will steal the information from your computer or smartphone and use it to make you a victim of identity theft, a major source of identity theft involving social media involves people posting too much personal information about themselves that can be manipulated by identity thieves for their illegal purposes.

Recently the Niagara County New York County Clerk Joseph A. Jastrzemski issued a warning about people putting photographs of their driver’s licenses on Facebook and other social media.  Too often, a young person who just got his or her driver’s license will post a photo of the license on social media without realizing that he or she is providing information, such as address and birth date than can be used to either contribute toward their becoming a victim of identity theft or for purposes of creating phony driver’s licenses which can be sold on the black market that can result in the victim of the identity theft having motor vehicle offenses that turn up on his or her  own driving record.


When it comes to posting personal information on social media, often the less you provide the better. Don’t ever post driver’s licenses or other forms of personal identification.  Too much personal information in the hands of an identity thief can make his job easier to target you for spear phishing emails or text messages that use the information they have harvested from their intended victim’s social media to make their spear phishing communications seem legitimate.  This can result in the victims trusting the communications and downloading keystroke logging malware.

Don’t befriend everyone that asks.  Identity thieves will contact you with phony profiles to lure you into providing information they can use to make you a victim of identity theft.  Also, check out the privacy policy of the various social media sites you use.  You may be providing more information than you want to share with other people.

Scam of the day – June 2, 2014 – Facebook privacy checkup

One of the major causes of identity theft is the fact that many of us share too much personal information on social media.  Identity thieves are able to harvest this information which may include, addresses, employer, email address, phone number, birth date and names of family members to use to make us victims of identity theft.  Too many people don’t even give any thought to the amount of personal information about themselves that they make available online through social media and the danger of identity theft it poses.  Recently Facebook announced that in order to remedy this situation it was offering a privacy checkup to each of its 1.28 billion users.  As a part of Facebook’s new privacy policy it will also change the default setting of new posts by adjusting initial posts to be seen only by friends rather than the public.  A public setting which was formerly the default setting permits anyone on the Internet to see posted photographs and messages.  Soon when people go to post something on Facebook they will see a cartoon blue dinosaur that pops up with the message “We just wanted to make sure you’re sharing with the right people.”  The dinosaur will then guide you through your privacy settings for status updates, remind them of teh apps that they have given permission to use their Facebook data and review the privacy settings for their profile information.


Many of us are not aware of the personal information available about us in various social media and how we have, often unwittingly, allowed this information to be broadly available, which can pose a danger to us of identity theft or worse.  Now is a good time to not only review the privacy of your data on Facebook, but on all of your social media.  It might surprise you to learn how widely disseminated your personal information is and that you have agreed for it to be available by not taking the time to better understand the privacy rules in effect on each of the social media sites you use.

Scam of the day – August 30, 2013 – New dangerous Facebook scam

Facebook has long been fertile ground for scammers and identity thieves and there is a good reason for this.  The sheer number of people on Facebook provides a great opportunity for scammers and identity thieves.  The high level of trust that people have for communications they receive on their Facebook page is another reason Facebook has become such a prominent place for scams and identity theft schemes.  It is important to remember my motto, “trust me, you can’t trust anyone.”  The most recent Facebook scam follows a familiar pattern.  You receive a message telling you that you have been tagged in a Facebook post.  When you go to Facebook and click on the link, you are then directed to a Website that prompts you to download either a browser extension or a plug-in in order to be able to watch a video that is alleged to pertain to you.  Unfortunately, what you actually are downloading is not a browser extension or a plug-in, but keystroke logging malware, sometimes called a Trojan Horse,that enables the identity thief who planted it to steal all of the information from your computer including your Social Security number, passwords, credit card information, bank account information and more.  He or she then uses that information to make you a victim of identity theft and make your life miserable.  According to security researcher Carlo De Micheli, this scam has been spreading at a rate of about 40,000 attacks every hour.


Never click on links or download attachments unless you are absolutely sure that they are legitimate and secure.   Even if the link or download appears in a Facebook message or email that appears to come from a friend of yours, you can’t be sure that either your friend’s account had been hacked or that your friend, unwittingly, is passing on tainted material.  Also, make sure that all of your electronic devices, including your computer, smartphone and tablets are protected with security software including anti-malware software and that you keep your security software constantly updated.

Scam of the day – June 24, 2013 – Facebook data leak

Facebook has just announced that through a technical flaw that first started over a year ago, the telephone numbers and email addresses of six  million of its users were improperly provided to other Facebook users who downloaded contact data of their “friends.”  In and of itself, this dos not create a problem and Facebook was quick to point out that there presently is no indications that the information has been used for purposes of identity theft or the specialized form of phishing called “spear phishing” where identity thieves are able to more effectively lure their victims to websites tainted with dangerous malware that can be used to steal personal information from the victim’s computer or portable device.  In spear phishing, people are more apt to believe the phony email that starts the scam because it is directed to them by name and appears to be from a company with which they do business.  The problem is many faceted.  Many people accept too many other people as their “friends” on Facebook without even really knowing these people who in many instances are identity thieves and scam artists out to exploit their Facebook connection with their victims.  Additional personal information such as telephone numbers and email addresses can be used by identity thieves to help steal their victim’s identity .   Just as troubling is the fact that this situation once again shows that your personal information is only as safe as the person or company with the worst security measures that has your information.


In general, you should try to limit, as much as possible, the number of places that have personal information about you.  If someone with whom you do business wants to use your Social Security number as an identifying number, you should propose to them that they use another number, such as your driver’s license number instead of your Social Security number.  In particular, as to Facebook, you should limit the amount of personal information that you provide.  Information such as your birthday or the name of your pet can put you in jeopardy as to identity theft or guessing your passwords.  For more detailed instructions as to how to protect your privacy and security on Facebook, check out my book “50 Ways to Protect Your Identity in a Digital Age.”

Scam of the day – December 29, 2012 – Arrests in Facebook scam

Earlier this month in a concerted effort by law enforcement throughout the world, ten people were arrested in Boznia, Herzegovina, Croatia, Macedonia, New Zealand, Peru, the UK and the United States in regard to a scam that targeted Facebook users through a botnet called the Buttefly Botnet.  This particular type of botnet had already been used to successfully infect half of the Fortune 500 companies.  According to the United States Justice Department, the Buttefly Botnet infected eleven million computers and resulted in losses of 850 millino dollars already.  The way the Butterfly botnet worked was by hijacking the accounts of Facebook users which would then be used to post messages and links that would appear to come from the accounts of friends, but in reality would be links that, when clicked on, downloaded malware such as keystroke logging malware that would steal all of the information from the infected computer causing the computer owner to become a victim of identity theft.


As I have been advising you for a long time (unless you are new to this website/blog, in which case you now know how important it is to read this website/blog each day to stay informed about the latest in protecting yourself from scams and identity theft schemes) never trust any email or Facebook posting that contains a link or an attachment unless you have independently verified that the email or Facebook posting is not from your someone you know and not part of a botnet.  Additionally, you should not even trust such a link or attachment even if it comes from someone you know because they may unwittingly be passing on a tainted attachment or link.  Always find out the source of any attachment or link and confirm that it is legitimate.

Scam of the day – October 7, 2012 – Hulk Hogan sex tape scams

Celebrity sex tapes are nothing new.  From Pamela Anderson to Paris Hilton to Kim Kardashian and others, the public’s thirst for sex tapes sometimes made without and almost always distributed without the knowledge of the celebrity is always great.  The latest of the sex tapes to hit the Internet is a sex tape that apparently was done surreptitiously of former WWE wrestling champion Hulk Hogan who is shown in a thirty minute tape having sex with a woman who has been identified by some as the ex-wife of Hogan’s best friend.  A number of legitimate websites are showing a one minute portion of the tape, but you can probably expect soon that the full thirty minute tape will be appearing on the Internet.  But beware.  Scammers, as they have done with other celebrity nude shots or sex tapes,  most recently with the topless shots of Kate, the Duchess of Windsor will be sending out emails, Facebook messages and tweets that lure you to phony websites that when you click on the link necessary to watch the tape will download dangerous keystroke logging malware on your computer that can steal your information and make you a victim of identity theft.


Never trust links that come in emails, tweets or Facebook messages.  Even if they come from friends who you trust, you must remember my motto, “trust me you can’t trust anyone.”  Your friends may have had their email account, Twitter account or Facebook account hacked into by an identity thief and the message that you are getting may be from the identity thief, not your friend.  And that message may well contain keystroke logging malware.  In addition, even if your real friends pass on a link, they may be unwittingly passing on a link that they do not realize will cause you to become a victim of identity theft.  The best course of action, if you are intent upon seeing the video is to go only to websites that you know are legitimate.